PFSense - DNS - Local DNS on PFSense, everything else on PiHole
To have Pi-hole resolve the hostnames of DNS clients and report by hostname rather than by IP, DNS queries should follow the path:
client -> Pi-hole -> pfSense -> Internet
Configure pfSense
Navigate to System → General Setup.
In System:
- hostname: pfSense.
- domain: localdomain.
In DNS Server Settings:
- DNS Servers: Enter values for DNS Servers.
- DNS Server Override: Not Checked.
- Disable DNS Forwarder: Checked. This forces the firewall to use the DNS servers entered above.
Configure DNS Resolver
Navigate to Services → DNS Resolver → General Settings.
In General DNS Resolver Options:
- Enable: Checked. This enables the DNS Resolver.
- Network Interfaces: Select the network interfaces to apply: LAN and localhost.
- DNSSEC: Checked.
- DNS Query Forwarding: Not Checked.
- DHCP Registration: Checked.
- Static DHCP: Checked.
In Host Overrides:
- Add systems with static IPs as Host Overrides.
NOTE: These should have the same domain as that specified in System → General Setup.
Configure DHCP
Navigate to Services → DHCP Server.
Select the Interface to configure, such as LAN.
In General Options:
- Enable: Checked.
In Servers:
- DNS servers: Enter the IP address of the Pi-hole.
In Other Options:
- Domain name: Enter the same domain name as that specified in System → General Setup.
Configure Pi-hole
Navigate to Settings → DNS:
In Upstream DNS Servers:
- Custom 1 (IPv4): Enter the IPv4 address for the LAN interface on your pfSense.
- Custom 3 (IPv6): (Optional) If using IPv6 on the pfSense, then populate the IPv6 address for the LAN interface on your pfSense.
In Advanced DNS settings:
- Never forward non-FQDNs: Not Checked.
- Never forward reverse lookups for private IP ranges: Not Checked.
NOTE: Renew the DHCP leases on the clients.
The Pi-hole server will automatically do reverse lookups on the clients.
Therefore the Pi-hole should show the hostnames instead of IP addresses.
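To confirm the reverse-lookup path described above (client → Pi-hole → pfSense), the following added example, which is not part of the original page, sends a PTR query for a client IP to the Pi-hole and decodes the reply. The address 192.168.1.50, the hostname laptop and the sample response are constructed for illustration; only the localdomain domain comes from the page.

```python
import ipaddress, socket, struct

def build_ptr_query(ip, txid=0x1234):
    """Build a DNS PTR query for the reverse name of ip."""
    name = ipaddress.ip_address(ip).reverse_pointer  # 50.1.168.192.in-addr.arpa
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + qname + struct.pack(">HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):  # bound the walk so pointer loops terminate
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_ptr(msg):
    """Return (rcode, hostname or None) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 12:  # PTR
            return flags & 0xF, read_name(msg, off)[0]
        off += rdlen
    return flags & 0xF, None

def reverse_lookup(ip, server, timeout=3.0):
    """Ask server (the Pi-hole) over UDP/53 for the hostname of ip."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip), (server, 53))
        return parse_ptr(s.recv(4096))

SAMPLE_RESPONSE = (  # constructed reply (not captured traffic): 192.168.1.50 -> laptop
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + build_ptr_query("192.168.1.50")[12:]
    + b"\xc0\x0c\x00\x0c\x00\x01\x00\x00\x00\x3c\x00\x14\x06laptop\x0blocaldomain\x00")
```

From a LAN host, call `reverse_lookup()` with a client IP and the Pi-hole's IP. A result of `(0, "<host>.localdomain")` shows the chain is working, while rcode 3 (NXDOMAIN) means no PTR record was returned for that client.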